Algorand MCP

--- arc: 8 title: Algorand Wallet Sign and Post API description: A function used to simultaneously sign and post transactions to the network. author: DanBurton (@DanBurton) discussions-to: https://github.com/algorandfoundation/ARCs/issues/52 status: Deprecated type: Standards Track category: Interface created: 2021-08-09 --- # Algorand Wallet Sign and Post API ## Abstract A function `signAndPostTxns`, which accepts an array of `WalletTransaction`s, and posts them to the network. Accepts the inputs to [ARC-0001](./arc-0001.md#interface-signtxnsfunction)'s / [ARC-0005](./arc-0005.md#interface-signtxnsfunction)'s `signTxns`, and produces the output of [ARC-0007](./arc-0007.md#interface-posttxnsfunction)'s `postTxns`. ## Specification ### Interface `SignAndPostTxnsFunction` ```ts export type SignAndPostTxnsFunction = ( txns: WalletTransaction[], opts?: any, ) => Promise<PostTxnsResult>; ``` * `WalletTransaction` is as specified by [ARC-0005](./arc-0005.md#interface-wallettransaction). * `PostTxnsResult` is as specified by [ARC-0007](./arc-0007.md#interface-posttxnsfunction). Errors are handled exactly as specified by [ARC-0001](./arc-0001.md#error-standards) and [ARC-0007](./arc-0007.md#error-standard) ## Rationale Allows the user to be sure that what they are signing is in fact all that is being sent. Doesn't necessarily grant the DApp direct access to the signed txns, though they are posted to the network, so they should not be considered private. Exposing only this API instead of exposing `postTxns` directly is potentially safer for the wallet user, since it only allows the posting of transactions which the user has explicitly approved. ## Security Considerations In case the wallet uses an API service that is secret or provided by the user, the wallet **MUST** ensure that the URL of the service and the potential tokens/headers are not leaked to the dApp. > Leakage may happen by accidentally including too much information in responses or errors returned by the various methods. For example, if the nodeJS superagent library is used without filtering errors and responses, errors and responses may include the request object, which includes the potentially secret API service URL / secret token headers. For dApps using the `signAndPostTxns` function, it is **RECOMMENDED** to display a Waiting/Loading Screen to wait until the transaction is confirmed to prevent potential issues. > The reasoning is the following: the pop-up/window in which the wallet is showing the waiting/loading screen may disappear in some cases (e.g., if the user clicks away from it). If it disappears, the user may be tempted to perform again the action, causing significant damages. ## Copyright Copyright and related rights waived via <a href="https://creativecommons.org/publicdomain/zero/1.0/">CCO</a>.